During a denial of service (DOS) or distributed denial of service (DDOS) attack the volume of attack may be close to the link capacity. The number of attacking sources can be too many and may change too fast. The challenge is to make sure that a secured device never gets more traffic than it can handle.
A traditional way to solve the above problem is to use blind rate limiting. But rate limiting does not solve the problem completely. It protects the server from getting overwhelmed but it does not allow the genuine sources to get service during attack. It leads to a DOS on the sources.
There comes the need for source limiting and with it a lot more challenges. Since the sources can be too many and may change too fast, a fast and memory efficient way of managing the source statistics is required to keep track of the attacking endpoints dynamically at link speed. Accordingly, there is a need for a system, method and apparatus for protecting a network or device against high volume attacks.